CLAIMS 

What is claimed is: 

1. A method performed by an Internet Service Provider ("ISP") to reduce certificate 
revocation lists ("CRL") at access points of a wireless access network providing access to 
the ISP, the method comprising: 

receiving a subscription request from a user terminal capable of accessing the ISP 
using the wireless access network; 

assigning a subscription identifier to the user terminal; 

providing a service certificate signed by a certificate authority including the 
subscription identifier; and 

providing, to the user terminal, one or more session certificates to be used to access 
the wireless access network, the session certificates having a shorter validity period than 
the service certificate. 

2. The method of claim 1, further comprising: 

receiving the service certificate from an access point being used by a user terminal 
to access the wireless access network; 

determining whether the service certificate is valid; and 

providing one or more new session certificates to the user terminal if the service 
certificate is valid. 

3. The method of claim 2, wherein determining whether the service certificate is valid 
comprises searching a certificate revocation list. 

4. The method of claim 1, wherein the one or more session certificates are each 
associated with a link-level session available to the user terminal. 

5. The method of claim 1, wherein each link-level session comprises a PPP session. 

6. A method performed by an access point of a wireless access network, the method 
comprising: 

receiving a digital certificate from a user terminal seeking access to the wireless 
access network, the digital certificate to be used to authenticate the user terminal; 

determining a type of the digital certificate; and 

determining the validity of the digital certificate by searching a certificate 
revocation list (CRL) associated with the type of the digital certificate. 

7. The method of claim 6, wherein determining the type of the digital certificate 
comprises determining whether the digital certificate comprises a service certificate or a 
session certificate. 

8. The method of claim 7, wherein the validity periods of session certificates are shorter 
than the validity periods of session certificates. 

9. The method of claim 8, wherein the CRL associated with session certificates is 
shorter than the CRL associated with service certificates. 
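
Added illustration, not part of the patent text: a minimal Python model of the check in claims 6 to 9, where an access point determines the certificate type and searches only the CRL for that type. The Cert record, the AccessPoint class, the serials, dates and validity periods are constructed for the example, and dropping expired entries from a CRL is an assumption about why the session CRL stays short.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed model, not real X.509: a certificate is a typed record and
# each CRL is a dict mapping a revoked serial to that certificate's expiry.
@dataclass(frozen=True)
class Cert:
    serial: int
    kind: str              # "service" or "session"
    subscription_id: str
    not_after: datetime

class AccessPoint:
    def __init__(self):
        self.crls = {"service": {}, "session": {}}

    def revoke(self, cert):
        self.crls[cert.kind][cert.serial] = cert.not_after

    def prune(self, now):
        # Assumption: an entry is dropped once its certificate has expired,
        # because the expiry check alone already rejects that certificate.
        for kind, crl in self.crls.items():
            self.crls[kind] = {s: exp for s, exp in crl.items() if exp > now}

    def is_valid(self, cert, now):
        crl = self.crls.get(cert.kind)   # determine type, pick matching CRL
        if crl is None or now >= cert.not_after:
            return False                 # unknown type or expired: fail closed
        return cert.serial not in crl

def demo():
    t0 = datetime(2024, 1, 1)
    ap = AccessPoint()
    service = Cert(1, "service", "sub-001", t0 + timedelta(days=365))
    sessions = [Cert(100 + i, "session", "sub-001", t0 + timedelta(hours=8))
                for i in range(3)]
    for c in sessions[:2] + [service]:
        ap.revoke(c)
    before = (ap.is_valid(sessions[2], t0),   # unrevoked session cert
              ap.is_valid(sessions[0], t0),   # revoked session cert
              ap.is_valid(service, t0))       # revoked service cert
    ap.prune(t0 + timedelta(days=1))          # session certs have expired
    sizes = {kind: len(crl) for kind, crl in ap.crls.items()}
    return before, sizes
```

After one day the revoked session entries have aged out while the revoked service certificate, valid for a year, still occupies its list.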

10. A user terminal capable of communicating with a wireless access network, the user 
terminal comprising: 

a memory to store: 

a service certificate issued by an Internet Service Provider ("ISP") and signed by a 
certificate authority, the service certificate having a first validity period, the service 
certificate corresponding with a subscription of the user terminal with the ISP and to be 
used by the wireless access network to authenticate the user terminal; and 

a session certificate issued by the ISP and signed by the certificate authority, the 
session certificate having a second validity period that is shorter in duration than the first 
validity period, the session certificate corresponding with a session subscribed to by the 
user terminal and to be used by the wireless access network to authenticate the user 
terminal. 

11. The user terminal of claim 10, wherein the session comprises a link-level session. 

12. The user terminal of claim 11, wherein the link-level session comprises a PPP 
session. 

13. A machine-readable medium having stored thereon data representing instructions 
that, when executed by a processor of an Internet Service Provider ("ISP"), cause the 
processor to perform operations to reduce certificate revocation lists ("CRL") at access 
points of a wireless access network providing access to the ISP, the operations comprising: 

receiving a subscription request from a user terminal capable of accessing the ISP 
using the wireless access network; 

assigning a subscription identifier to the user terminal; 

providing a service certificate signed by a certificate authority including the 
subscription identifier; and 

providing, to the user terminal, one or more session certificates to be used to access 
the wireless access network, the session certificates having a shorter validity period than 
the service certificate. 

14. The machine-readable medium of claim 13, wherein the instructions further cause 
the processor to perform operations comprising: 

receiving the service certificate from an access point being used by a user terminal 
to access the wireless access network; 

determining whether the service certificate is valid; and 

providing one or more new session certificates to the user terminal if the service 
certificate is valid. 

15. The machine-readable medium of claim 14, wherein determining whether the 
service certificate is valid comprises searching a certificate revocation list. 

16. The machine-readable medium of claim 13, wherein the one or more session 
certificates are each associated with a link-level session available to the user terminal. 

17. The machine-readable medium of claim 13, wherein each link-level session 
comprises a PPP session. 